On Sep 29, 2014, at 7:09 AM, Andrey Epifanov <aepifanov at mirantis.com> wrote: > Hi All, > > I started working on the the https://bugs.launchpad.net/neutron/+bug/1339028 > and realized that we have the same issue with other connected resources in Neutron. The is a bug in how we’re implementing the logic to manage routes on the router instance in the l3-agent implementation. There are other implementations of the logical router that do not need this restriction. > > The problem is that we have API for the modification of any resources without > limitations, for example, we can modify Router IP and connected to this subnet > VMs never will know about it and lose the default router. The same situation > with routes and IP for DHCP/DNS ports. > > https://bugs.launchpad.net/neutron/+bug/1374398 > https://bugs.launchpad.net/neutron/+bug/1267310 I don’t see any of these as a bug. If tenant wants to make changes to their network (even ill advised ones), we should allow it. Restricting these API operations to admin’s means we’re inhibiting users from making changes that could be regular maintenance operations of a tenant. mark -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20140929/981cf7cb/attachment.html>